PayPal was supposed to have made the change on December 3, the date it announced as the target for no longer accepting secure connections from sites using SSL v3 instead of TLS. As I manage a Zen Cart site which uses PayPal’s express checkout as it’s only payment option, I checked with the server’s technical support staff to make sure we were covered. Yup. We got you set up with that, they said. I was good to go.
When December 3 came and went with the site continuing to take orders, I figured I had weathered the storm quite handily, although this seemed a little too easy to me.
Then came Monday night.
While I was away from home and office, sitting at a borrowed computer, I received a series of emails from PayPal, notifying me that a customer was making repeated unsuccessful attempts to place an order — unsuccessful because PayPal was refusing the handshake from the server. I easily recreated the problem by logging on to the site using a dummy customer account and attempting to make a purchase. At the point where the order was sent to PayPal, the process failed with a red letter warning saying something like “(35) error:14094410:SSL routines:func(148):reason(1040).” Not cool.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux